From: Nik Okuntseff <support@anuko.com>
Date: Tue, 19 Feb 2019 15:28:59 +0000 (+0000)
Subject: Renamed client access rights for clarity.
X-Git-Tag: timetracker_1.19-1~311
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=6d72b9b2a73391e8e6b2a3586b4972c1a2e8160d;p=timetracker.git

Renamed client access rights for clarity.
---

diff --git a/WEB-INF/lib/ttRoleHelper.class.php b/WEB-INF/lib/ttRoleHelper.class.php
index 02b22cdf..000f7ceb 100644
--- a/WEB-INF/lib/ttRoleHelper.class.php
+++ b/WEB-INF/lib/ttRoleHelper.class.php
@@ -189,7 +189,7 @@ class ttRoleHelper {
 
     $mdb2 = getConnection();
 
-    $rights_client = 'view_own_reports,view_own_timesheets,view_own_charts,view_own_invoices,manage_own_settings';
+    $rights_client = 'view_client_reports,view_client_timesheets,view_client_invoices,manage_own_settings';
     $rights_user = 'track_own_time,track_own_expenses,view_own_reports,view_own_timesheets,manage_own_timesheets,view_own_charts,view_own_projects,view_own_tasks,manage_own_settings,view_users';
     $rights_supervisor = $rights_user.',track_time,track_expenses,view_reports,view_timesheets,manage_timesheets,approve_timesheets,view_charts,view_own_clients,override_punch_mode,override_date_lock,override_own_date_lock,swap_roles';
     $rights_comanager = $rights_supervisor.',manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports';
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index d8ce9770..6ed36219 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.37.4738 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.37.4739 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/header.tpl b/WEB-INF/templates/header.tpl
index b5f122db..aab851bf 100644
--- a/WEB-INF/templates/header.tpl
+++ b/WEB-INF/templates/header.tpl
@@ -112,14 +112,14 @@
     {if $user->exists() && $user->isPluginEnabled('ex') && ($user->can('track_own_expenses') || $user->can('track_expenses'))}
             &middot; <a class="mainMenu" href="expenses.php">{$i18n.menu.expenses}</a>
     {/if}
-    {if $user->exists() && ($user->can('view_own_reports') || $user->can('view_reports'))}
+    {if $user->exists() && ($user->can('view_own_reports') || $user->can('view_reports') || $user->can('view_all_reports') || $user->can('view_client_reports'))}
             &middot; <a class="mainMenu" href="reports.php">{$i18n.menu.reports}</a> 
     {/if}
     {if $user->exists() && $user->isPluginEnabled('ts') && ($user->can('view_own_timesheets') || $user->can('manage_own_timesheets') ||
       $user->can('view_timesheets') || $user->can('manage_timesheets') || $user->can('approve_timesheets'))}
             &middot; <a class="mainMenu" href="timesheets.php">{$i18n.menu.timesheets}</a>
     {/if}
-    {if $user->exists() && $user->isPluginEnabled('iv') && ($user->can('view_own_invoices') || $user->can('manage_invoices'))}
+    {if $user->exists() && $user->isPluginEnabled('iv') && ($user->can('manage_invoices') || $user->can('view_client_invoices'))}
             &middot; <a class="mainMenu" href="invoices.php">{$i18n.title.invoices}</a>
     {/if}
     {if ($user->exists() && $user->isPluginEnabled('ch') && ($user->can('view_own_charts') || $user->can('view_charts'))) &&
diff --git a/WEB-INF/templates/invoices.tpl b/WEB-INF/templates/invoices.tpl
index b966f9e2..86e7e525 100644
--- a/WEB-INF/templates/invoices.tpl
+++ b/WEB-INF/templates/invoices.tpl
@@ -5,7 +5,7 @@
 <table cellspacing="0" cellpadding="7" border="0" width="720">
   <tr>
     <td valign="top">
-{if $user->can('manage_invoices') || $user->can('view_own_invoices')}
+{if $user->can('manage_invoices') || $user->can('view_client_invoices')}
       <table cellspacing="1" cellpadding="3" border="0" width="100%">
         <tr>
           <td class="tableHeader">{$i18n.label.invoice}</td>
diff --git a/dbinstall.php b/dbinstall.php
index 99450963..e40d4be6 100644
--- a/dbinstall.php
+++ b/dbinstall.php
@@ -972,7 +972,7 @@ if ($_POST) {
     print "Updated $tt_expense_items_updated tt_expense_items records...<br>\n";
   }
 
-  if ($_POST["convert11797to11839"]) {
+  if ($_POST["convert11797to11840"]) {
     ttExecute("ALTER TABLE `tt_fav_reports` CHANGE `group_by` `group_by1` varchar(20) default NULL");
     ttExecute("ALTER TABLE `tt_fav_reports` ADD `group_by2` varchar(20) default NULL AFTER `group_by1`");
     ttExecute("ALTER TABLE `tt_fav_reports` ADD `group_by3` varchar(20) default NULL AFTER `group_by2`");
@@ -1077,6 +1077,12 @@ if ($_POST) {
     ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.38') set rights = replace(rights, 'view_all_reports', 'view_all_reports,view_all_timesheets,manage_all_timesheets') where rank = 68 or rank = 324");
     ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.38') set rights = replace(rights, 'export_data,manage_subgroups', 'export_data,approve_all_timesheets,manage_subgroups') where rank = 324");
     ttExecute("UPDATE `tt_site_config` SET param_value = '1.18.39', modified = now() where param_name = 'version_db' and param_value = '1.18.38'");
+    ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.39') set rights = 'track_own_time,track_own_expenses,view_own_reports,view_own_timesheets,manage_own_timesheets,view_own_charts,view_own_projects,view_own_tasks,manage_own_settings,view_users,view_client_reports,view_client_timesheets,view_client_invoices,track_time,track_expenses,view_reports,view_timesheets,manage_timesheets,approve_timesheets,view_charts,view_own_clients,override_punch_mode,override_own_punch_mode,override_date_lock,override_own_date_lock,swap_roles,manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports,view_all_timesheets,manage_all_timesheets,manage_features,manage_advanced_settings,manage_roles,export_data,approve_all_timesheets,manage_subgroups,delete_group' where rank = 512");
+    ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.39') set rights = replace(rights, 'view_own_reports', 'view_client_reports') where rank = 16");
+    ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.39') set rights = replace(rights, 'view_own_charts,', '') where rank = 16");
+    ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.39') set rights = replace(rights, 'view_own_timesheets', 'view_client_timesheets') where rank = 16");
+    ttExecute("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.18.39') set rights = replace(rights, 'view_own_invoices', 'view_client_invoices') where rank = 16");
+    ttExecute("UPDATE `tt_site_config` SET param_value = '1.18.40', modified = now() where param_name = 'version_db' and param_value = '1.18.39'");
   }
 
   if ($_POST["cleanup"]) {
@@ -1125,7 +1131,7 @@ if ($_POST) {
 <h2>DB Install</h2>
 <table width="80%" border="1" cellpadding="10" cellspacing="0">
   <tr>
-    <td width="80%"><b>Create database structure (v1.18.39)</b>
+    <td width="80%"><b>Create database structure (v1.18.40)</b>
     <br>(applies only to new installations, do not execute when updating)</br></td><td><input type="submit" name="crstructure" value="Create"></td>
   </tr>
 </table>
@@ -1170,8 +1176,8 @@ if ($_POST) {
   </tr>
   </tr>
   <tr valign="top">
-    <td>Update database structure (v1.17.97 to v1.18.39)</td>
-    <td><input type="submit" name="convert11797to11839" value="Update"></td>
+    <td>Update database structure (v1.17.97 to v1.18.40)</td>
+    <td><input type="submit" name="convert11797to11840" value="Update"></td>
   </tr>
 </table>
 
diff --git a/invoice_send.php b/invoice_send.php
index c86cebb5..e94e8050 100644
--- a/invoice_send.php
+++ b/invoice_send.php
@@ -32,7 +32,7 @@ import('ttInvoiceHelper');
 import('ttUserConfig');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_client_invoices'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/invoice_view.php b/invoice_view.php
index 772500ef..64831798 100644
--- a/invoice_view.php
+++ b/invoice_view.php
@@ -33,7 +33,7 @@ import('ttClientHelper');
 import('form.Form');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_client_invoices'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/invoices.php b/invoices.php
index ba1cad46..de51b536 100644
--- a/invoices.php
+++ b/invoices.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttGroupHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices'))) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_client_invoices'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/mysql.sql b/mysql.sql
index bd8a67e7..0218cf75 100644
--- a/mysql.sql
+++ b/mysql.sql
@@ -75,7 +75,7 @@ create unique index role_idx on tt_roles(group_id, rank, status);
 
 # Insert site-wide roles - site administrator and top manager.
 INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Site administrator', 1024, 'administer_site');
-INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'track_own_time,track_own_expenses,view_own_reports,view_own_timesheets,manage_own_timesheets,view_own_charts,view_own_invoices,view_own_projects,view_own_tasks,manage_own_settings,view_users,track_time,track_expenses,view_reports,view_timesheets,manage_timesheets,approve_timesheets,view_charts,view_own_clients,override_punch_mode,override_own_punch_mode,override_date_lock,override_own_date_lock,swap_roles,manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports,view_all_timesheets,manage_all_timesheets,manage_features,manage_advanced_settings,manage_roles,export_data,approve_all_timesheets,manage_subgroups,delete_group');
+INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'track_own_time,track_own_expenses,view_own_reports,view_own_timesheets,manage_own_timesheets,view_own_charts,view_own_projects,view_own_tasks,manage_own_settings,view_users,view_client_reports,view_client_timesheets,view_client_invoices,track_time,track_expenses,view_reports,view_timesheets,manage_timesheets,approve_timesheets,view_charts,view_own_clients,override_punch_mode,override_own_punch_mode,override_date_lock,override_own_date_lock,swap_roles,manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports,view_all_timesheets,manage_all_timesheets,manage_features,manage_advanced_settings,manage_roles,export_data,approve_all_timesheets,manage_subgroups,delete_group');
 
 
 #
@@ -518,4 +518,4 @@ CREATE TABLE `tt_site_config` (
   PRIMARY KEY  (`param_name`)
 );
 
-INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.18.39', now()); # TODO: change when structure changes.
+INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.18.40', now()); # TODO: change when structure changes.
diff --git a/report.php b/report.php
index 65d98e4e..93720cb2 100644
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttGroupHelper');
 
 // Access check.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports')  || ttAccessAllowed('view_client_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/reports.php b/reports.php
index 892b117e..05d7e5f2 100644
--- a/reports.php
+++ b/reports.php
@@ -38,7 +38,7 @@ import('ttClientHelper');
 import('ttReportHelper');
 
 // Access check.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports') || ttAccessAllowed('view_client_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/tofile.php b/tofile.php
index 3934471d..3ddce979 100644
--- a/tofile.php
+++ b/tofile.php
@@ -32,7 +32,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports')  || ttAccessAllowed('view_client_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
diff --git a/topdf.php b/topdf.php
index fd3016e5..181dec69 100644
--- a/topdf.php
+++ b/topdf.php
@@ -36,7 +36,7 @@ import('form.ActionForm');
 import('ttReportHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports') || ttAccessAllowed('view_client_reports'))) {
   header('Location: access_denied.php');
   exit();
 }